Protecting the financial and personal information of its clients has always been a top priority for Syntrus Achmea Real Estate, the largest property investor in the Netherlands, with hundreds of employees. Its multifaceted approach to ensuring against the unauthorized use or disclosure of protected data includes fighting threats related to insiders – the legitimate users of the corporate network, primarily, employees.

The Challenge

"Since 2005, we have regularly been subject to SAS 70 type II and ICS (Internal Control Statement) audits, which have heightened our awareness of the security threat inherent in the growing popularity of USB sticks and other removable storage devices. These convenient and easily lost and concealed devices coupled with some insiders’ inherent negligence, errors, and – very unlikely but not impossible – malicious intent could create a new data leakage channel or, inversely, a malware penetration path within the protected network perimeter. Without measures to control their use, the devices presented a significant risk to corporate IT security," explained Marcel Dijkstra, ICT Manager for Syntrus Achmea Real Estate.

"Our intention was to disallow the use of USB devices on Windows XP clients. The risk was simply too high. When we used Windows NT in the office, employees could not use the USB ports. But outside the office, people had gradually started using Windows XP and USB ports," detailed André Kleimeer, System Administrator for Syntrus Achmea Real Estate. "When we migrated from Windows NT to Windows XP, we wanted to shut down the USB ports and from that point control how they were going to be used. When considering third-party endpoint device controls, we knew we wanted the flexibility to allow predefined unique devices to be used in the corporate network (e.g. rarely used biometric and encrypted devices), while blocking others. Naturally, it was not our intent to complicate the way our employees performed their business duties regarding the use of specific removable storage devices with corporate computers. So we were seeking an approach that would allow us to satisfy the needs of employees, even in exceptional situations when they require some specific USB devices not generally permitted in our regular corporate security policy rules."

Without waiting for real incidents to happen, the company’s IT security administration began to research and evaluate enterprise-class endpoint device control solutions that would address the risk of data leaks via removable USB drives and that could be deployed and managed on the scale of the entire company’s IT infrastructure.

The Solution

To choose the device control product, Syntrus Achmea Real Estate began by outlining several key requirements; the solution would need to be a good fit based on the nature of the company’s business, the deployment of its IT system, and its scale. It had to be able to centrally and granularly control access to any local ports and external devices at corporate computers on a per-user, user group, department, and computer basis and according to time/date-based policies. It was mandatory that the solution support comprehensive centralized event logging to trace all relevant user actions for further audit and investigations. The level of integration with the Microsoft Active Directory® management platform was another selection criterion And last, but not least, the solution’s enforcement agents on the protected computers should operate in a tamper-proof mode to eliminate any possibility of end-users or local administrators deleting or disabling them.

After studying available products, conducting thorough evaluations and comparing several identified candidates Syntrus Achmea Real Estate selected DeviceLock® software from DeviceLock, Inc. "DeviceLock was chosen because it got the highest score in all key functional and management areas of the evaluation," commented Dijkstra.

Keeping pace with the changing profile of insider-related threats to sensitive corporate data residing and processed on employees’ computers, Syntrus Achmea Real Estate has recently decided to upgrade to the latest DeviceLock® version that supports the ability to precisely control, log, and audit end-user access to any type of local, network and virtual printers. "We had no doubt that the extended functional scope of the latest DeviceLock version would increase the level of data protection in our corporate environment," emphasized Dijkstra.

About Syntrus Achmea Real Estate

With over 14 billion euros, Syntrus Achmea Real Estate is one of the largest professional asset managers of real estate and mortgages in the Netherlands. Syntrus Achmea Real Estate invests for institutional investors in all sectors in the Netherlands and via fund-of-funds in Europe, North America and Asia. Syntrus Achmea goes for return and out-performance in combination with quality and comfort for its clients and tenants. In addition, Syntrus Achmea Real Estate arranges residential mortgages for private individuals, but also finances commercial properties. Syntrus Achmea has a passion for real estate while being focused on the client. Syntrus Achmea’s goal is quality and out-performance.

About DeviceLock, Inc.

Since its inception in 1996 as SmartLine Inc, DeviceLock, Inc., an international leader in endpoint security, has been providing device control software solutions to organizations of any size and industry. With DeviceLock software installed on more than 3 million computers in over 55,000 organizations worldwide, DeviceLock has a vast range of corporate customers that include financial institutions, telecommunications companies, state and federal government agencies, classified military networks, and educational institutions. DeviceLock, Inc. is an international organization with offices in San Ramon (California, US), London (UK), Ratingen (Germany), Moscow (Russia) and Milan (Italy).